LATEST NEWS: Cring #ransomware recently made headlines due to an attack that exploited a bug in the 11-year-old Adobe ColdFusion 9 software. Follow this thread and let’s look at the techniques typically wielded by this ransomware.
👇 👇 👇 [1/5]
[2/5] #Cring ransomware gains initial access through unsecure remote desktop protocol (RDP) or through unpatched vulnerabilities.
[3/5] The threat also abuses tools such as #Mimikatz for credential access and Cobalt Strike for lateral movement. More details on how these tools are abused for ransomware attacks: research.trendmicro.com/3hYEMkT
[5/5] To defend systems against ransomware, organizations must employ a proactive approach that involves patching vulnerabilities and monitoring systems for suspicious behavior:
LATEST NEWS: Both @CISAgov and @FBI just released an advisory on #Conti #ransomware, which they’ve recently observed being used to attack US and international organizations.
#Conti operators use several methods to gain initial access like spear phishing and exploiting public-facing applications, followed by the use of Cobalt Strike. We investigated how Conti #ransomware operators used Cobalt Strike to launch attacks: research.trendmicro.com/3CDba4C
[3/5]
Aside from Cobalt Strike, #Rclone is another legitimate tool abused by Conti operators in their previous campaigns. We discuss some of the most commonly abused legitimate tools here 👉 research.trendmicro.com/2W8cNaS
[1/n] We’re monitoring developments on a new piece of proof-of-concept #ransomware called #Chaos. It’s purportedly a .NET version of #Ryuk, but our analysis shows that its routines are different from Ryuk’s.
[2/n] Earlier versions of #Chaos were actually destructive #trojans that overwrote rather than encrypted files, which meant that victims had no way of restoring their files to their original state.
[3/n] The third version of #Chaos was traditional #ransomware, having the ability to encrypt files via RSA/AES and also providing a decrypter. With this version, the creator asked for donations to support the ongoing development of Chaos.